SV-222998r615938_rule
V-222998
SRG-APP-000504-AS-000229
TCAT-AS-001590
CAT II
10
From the Tomcat server as a privileged user, use the auditctl command.
sudo auditctl -w $CATALINA_HOME/bin -p wa -k tomcat
Validate the audit watch was created.
sudo auditctl -l
The user should see:
-w $CATALINA_HOME/ -p wa -k tomcat
Run the following commands From the Tomcat server as a privileged user:
Identify the home folder for the Tomcat server.
sudo grep -i -- 'catalina_home\|catalina_base' /etc/systemd/system/tomcat.service
Check the audit rules for the Tomcat folders.
sudo auditctl -l $CATALINA_HOME/bin |grep -i bin
If the results do not include -w $CATALINA_HOME/bin -p wa -k tomcat, or if there are no results, this is a finding.
V-222998
False
TCAT-AS-001590
Run the following commands From the Tomcat server as a privileged user:
Identify the home folder for the Tomcat server.
sudo grep -i -- 'catalina_home\|catalina_base' /etc/systemd/system/tomcat.service
Check the audit rules for the Tomcat folders.
sudo auditctl -l $CATALINA_HOME/bin |grep -i bin
If the results do not include -w $CATALINA_HOME/bin -p wa -k tomcat, or if there are no results, this is a finding.
M
4094